Tag: cyberattacks

This news summary was originally dispatched as part of Epoch Times China email newsletters.
One of the most important developments in recent history for China’s military took place last month, and it was easy to miss.
The Chinese Communist Party (CCP) ordered its military to abandon its business ventures over the next three years. The order applies to the People’s Liberation Army and the People’s Armed Police.
Those who follow Epoch Times reporting know the implications of this run deep. As my colleague Matthew Robertson pointed out, this will notably close the military-run hospitals which carry out the CCP’s forced organ transplants of prisoners of conscience—most markedly Falun Gong practitioners.
Robertson profiled the operations of one of these hospitals, Tianjin First Central, in an investigative piece in February, and noted “Epoch Times found sufficient evidence to throw into great doubt, if not demolish entirely, the official narrative of organ sourcing in China. This is simply due to the number of transplants: they are far too high.”
But the implications of the new order for the Chinese military run deeper still, as the order will very likely also impact the Chinese military’s use of cyberattacks for financial gain.
I’m not talking about the state-sanctioned cyberattacks, but instead the cyberattacks military commanders run to feed business ventures they have ties to, and the cyberattacks individual military hackers carry out to stuff their own pockets.
I mapped out China’s military-industrial complex in a September 2015 investigative report, and noted that until recently the Chinese military was expected to find external ventures to fund its operations.
I also detailed in March the DarkNet marketplaces that Chinese military hackers run to make money on the side. The hackers have been carrying out the state-run cyberattacks on behalf of the Chinese regime, but have also been stealing additional information they can sell personally.
Under the new orders, it’s likely these external ventures will gradually lessen, and we could see a significant drop in Chinese cyberattacks.
Of course, this doesn’t mean the state-sponsored cyberattacks will stop. It just means the military-led cyberattacks the Chinese regime doesn’t have a direct hand in could be coming to an end.
This process has actually been underway for some time. In September 2015, the leader of the Chinese Communist Party, Xi Jinping, announced he would cut 300,000 troops from the Chinese military. This was accompanied by a planned restructuring of the Chinese military.
I reported in November 2015 that there was more to this restructuring than meets the eye. A proposal for the new structure shows that it would move the military units that carry out the cyberattacks out from under strict military control, and put them under joint command between the Central Military Commission and the State Council.
In other words, the restructuring would give the “government” side of the Chinese regime, the State Council, more oversight over the types of cyberoperations being carried out by the military.
On May 16, the Chinese regime also deployed “anti-graft” squads to different theater commands and “key military departments,” according to the state-run Global Times. Under the oversight of these 10 anti-graft squads, it states, these targeted commands and departments will “for the first time be accountable to top military authorities.”
This won’t all happen overnight, however. The state-run China Daily reported on May 10 that the People’s Liberation Army and People’s Armed Police have started by selecting 17 units to close their commercial activities.
With plans to complete this process within three years, it notes the 17 units are “tasked with exploring effective ways to shut down businesses.”

This news analysis was originally dispatched as part of Epoch Times China email newsletters.
There have been four cases of Chinese espionage against the United States in just the last three weeks. These haven’t been the run-of-the-mill cyberspies either; these are Cold War-style cases of individuals allegedly caught spying on behalf of a communist regime.
Three of the cases involved people trying to steal nuclear technology. Another involved the theft of cutting-edge technology for unmanned submarines.
The first case garnered the most attention. On April 8, the U.S. military held the first hearing on the case of Lt. Cmdr. Edward Chieh-Liang Lin. The U.S. military officer and Taiwanese immigrant served as a “nuclear-trained enlisted sailor” and as a signals intelligence expert, and was allegedly spying on behalf of Taiwan and Mainland China.
Just five days later, a Chinese citizen, Fuyi “Frank” Sun, 52, was arrested in New York for trying to obtain sensitive carbon fiber used in nuclear centrifuges. Sun allegedly told undercover agents he worked for the Chinese regime’s missile program and had close ties to the Chinese military.
The next day, on April 14, another individual was indicted, alongside a Chinese state-owned nuclear power company, in a conspiracy case in Tennessee. Szuhsiung “Allen” Ho was allegedly acting on behalf of the state-run company to illegally transfer nuclear materials to China.
Then, just seven days later on April 21, Amin Yu, 53, was charged in Florida for “acting as an illegal agent” for China and trying to steal sensitive technology, including for unmanned underwater vehicles.
If the tables were turned, and four American spies were caught spying on another country—especially if it were in the course of a few weeks—it would be an international scandal. But with China, the world seems to have gotten somewhat desensitized to its brazen use of espionage.
In fact, only two of the cases were broadly covered by U.S. news outlets.
The unfortunate fact is that there are so many cases of Chinese espionage against the United States—both using cyberattacks and human spies—that they’ve begun to blend in with each other.
Chinese espionage has become the “dog bites man” story, where cases are so common that they’ve lost their shock value. People are no longer surprised by the cases, and so many news outlets seem to gloss over them.
But the importance of these cases is no less significant than it was during the Cold War, and the frequency of spy cases coming out of China isn’t a whole lot different.
The fact is that while China’s use of cyberattacks for espionage has taken center stage, it also has a very large system for conventional espionage—and its spies on both ends will often work together.
The Chinese military’s two main departments for this type of espionage are overseen by its General Staff Department. The cyberattacks are run under its Third Department, which handles signals intelligence (SIGINT); while its human intelligence (HUMINT) operations are carried out by its Second Department.
Epoch Times reported previously that the Chinese regime has between 250,000 and 300,000 soldiers under its Third Department dedicated to cyberespionage. Its Second Department has between 30,000 and 50,000 human spies working on insider operations.
The Chinese military also runs more than 3,200 military front companies in the United States, which are dedicated to theft. The information was revealed by the FBI’s former deputy director for counterintelligence, in a 2010 report from the U.S. Defense Threat Reduction Agency.
With these numbers in mind, it’s important to point out that even though cases of Chinese espionage (both SIGINT and HUMINT) are regularly exposed, the cases brought to light are just a drop in the ocean compared to the broader picture of what’s taking place.
There is also a lot of overlap between China’s use of cyberattacks and human spies. Sources told Epoch Times in a previous interview that Chinese cyberspies will even at times launch cyberattacks to cover the tracks of spies working as insiders in U.S. businesses and government agencies.
The rationale of using human intelligence operatives was explained well in a previous interview with Jarrett Kolthoff, president of cyber counterintelligence company SpearTip and a former special agent in U.S. Army counterintelligence.
Kolthoff told Epoch Times that Chinese spies are interested in “quantity first, quality second,” and often grab everything they can. He said they look for whatever approach is most effective for reaching this goal, and they “determine that it’s much easier to obtain the information through a rogue insider, or a trusted insider who is working for someone else.”
He said that while the human spy is at work, cyberspies will then launch attacks as a ruse, and this makes it appear the information was stolen through a cyberattack instead of an insider. This prevents the company or agency from searching for the insider spy, and Kolthoff noted “it’s very, very effective.”

This news analysis was originally dispatched as part of Epoch Times China email newsletters.

Targets of major Chinese cyberattacks in 2015 could hint at what industries will be hit this year, according to a new report from cybersecurity company CrowdStrike.
Personal records of more than 22 million U.S. federal employees were stolen from the Office of Personnel Management, in a cyberattack announced in June 2015. It followed another attack on the Anthem health insurance company, where hackers stole close to 80 million records.
Hints at the new direction can be found in the Chinese Communist Party’s 13th Five-Year-Plan, which was released in November 2015 and should be finalized early this year.
“These plans typically provide a roadmap for what China will target using cyber means,” the report states.
The Chinese regime is trying to push out foreign technology, in favor of domestic technology, and is also trying to build a middle class.
“The combination of China becoming increasingly distrustful of western information technology and a desire to promote its own sectors of industrial manufacturing and retail may lead to a gradual tapering off of targeting against these sectors,” the report says.
It says Chinese hackers may instead focus on areas including agriculture, healthcare, and alternative energy, which “China deems crucial to promoting the wellbeing of its growing middle class, and where it has the most technological gaps.”
These would add to the list of industries the Chinese regime has already identified for theft. Under Project 863, Chinese hackers and spies target nine industries including biotechnology, information technology, automation, and telecommunications.
The U.S. Office of the National Counterintelligence Executive said in a 2011 report that Project 863 “provides funding and guidance for efforts to clandestinely acquire U.S. technology and sensitive economic information.”
The Chinese hackers may start broadening their nets as well. Instead of just going after intellectual property, the CrowdStrike report says they may go after basic know-how “such as building native supply chains and administrative expertise.”
I’ve reported previously that Chinese hackers were already going after this type of information. They’re looking at everything from how companies are managed, to how they market their products.
It may now be even more so, however, since the Chinese regime is making a serious effort to push out foreign firms and take the place they once occupied.
The report says we may also see some changes—at least in the short term—in how the Chinese hackers operate, since the Chinese regime is undergoing a structural shift, set to be completed by 2020.
Hackers in the Chinese military may see their new positions sooner. The report says, “cyber will likely be a priority due to China’s emphasis on winning informatized wars, meaning that the shift may be observed soonest in that arena.”
In the meantime, it says, some of the Chinese cyberattacks may be carried out by its civilian intelligence agencies and associated contractors—such as the Ministry of Public Security.

I had the pleasure of speaking at Pace University’s recent Threat Intelligence Forum about what’s really behind Chinese cyberespionage, and I thought it would be useful to replicate that talk here.
There are enough Chinese cyberattacks that it’s fair to say most of us are familiar with the surface picture. There were close to 700 Chinese cyberattacks designed to steal corporate or military secrets in the United States between 2009 and 2014, according to an NSA map released by NBC News.
It’s also important to note the attacks designed for economic theft are only a small piece of the larger picture. Many Chinese cyberattacks are designed to spy on dissidents living abroad, keep tabs on foreign news outlets, spy on governments, or to censor individuals and organizations that are critical of the Chinese regime.
In March, for example, it launched cyberattacks on the anti-censorship website GreatFire.org. In June, it stole 21.5 million background checks from the U.S. Office of Personnel Management on current and former federal employees. In September, the Chinese regime was caught spying on the U.S. government and European news outlets.
The attacks designed for economic theft usually get the most attention—and with good reason. Retired federal prosecutor David Locke Hall explained the economic seriousness of these attacks in his recent book, “Crack99.”
There are 75 industries in the United States identified as intellectual property (IP) intensive, according to Hall. These industries hold 27.1 million American jobs, or 18.8 percent of all employment. Each of these jobs also supports one additional job through the supply chain.
So, when you look at the whole picture, close to 40 million jobs, or 27.7 percent of all employment in the United States, rely on protection of IP. And it’s this IP that the Chinese regime has been stealing with cyberattacks.
Close to $300 billion and 1.2 million American jobs are lost each year to IP theft, according to the Commission on the Theft of Intellectual Property.
“When this innovation is meant to drive revenue, profit, and jobs for at least 10 years, we are losing the equivalent of $5 trillion out of the U.S. economy every year to economic espionage,” said Casey Fleming, CEO of BLACKOPS Partners Corporation, in a previous interview with Epoch Times.
BLACKOPS Partners Corporation provides intelligence and cyber strategy to the Fortune 500. Fleming emphasized that to understand the impact of economic theft, you need to look at the full economic life cycle of raw innovation, including trade secrets, research and development, and information for competitive advantage.
Chinese cyberattacks are also a lot different from other cyberattacks, and this is why experts often place them under a different category.
Cybersecurity company MANDIANT wrote in 2010, “These intrusions appear to be conducted by well-funded, organized groups of attackers. We call them the ‘Advanced Persistent Threat’—the APT—and they are not ‘hackers.’ Their motivation, techniques and tenacity are different. They are professionals, and their success rate is impressive.”
It also notes, “… we’ve been able to correlate almost every APT intrusion we’ve investigated to current events within China.”
So, the big question is what’s really behind the APT. To understand this, you need to understand the structure and operations of the Chinese Communist Party’s (CCP) spy departments.
The overt spy operations are mainly carried out by two departments. The United Front Work Department works to expand the CCP’s sphere of influence in foreign communities, while the Overseas Chinese Affairs Office works to monitor Chinese living abroad and manage the CCP’s overseas systems of governance.
These departments are important to mention here because, while their focus is spying on individuals living abroad, their operations are aided by CCP cyberspy operations that can give them intel on targeted groups or individuals.
As an example, if the United Front Work Department was trying to butter up a U.S. senator, the CCP’s cyberspies could give them information from the senator’s emails or background check, which they can then use.
When it comes to cyberattacks for economic theft, most of these are attributed to the Third Department of the People’s Liberation Army General Staff Department. The Third Department runs the signals intelligence (SIGINT) operations of the CCP.
Alongside the Third Department is the Second Department, which runs many of the conventional human intelligence (HUMINT) operations. Then there’s the Fourth Department that handles the electronics intelligence (ELINT) operations.
There is a lot of overlap in Chinese spy operations. Physical spies may help the cyberspies by “accidentally” infecting a computer in a company where they’ve been planted. The CCP’s hackers may also help cover the tracks of an insider by launching a cyberattack to make it appear information was stolen by a cyberattack, instead of by the insider spy.
These departments handle the bulk of the CCP’s spy operations under its military, and they run large-scale operations. The Project 2049 Institute think tank estimated in November 2011 there were 130,000 personnel under the Third Department. The Wall Street Journal estimated the department has 100,000 hackers, linguists, and analysts.
Both the above estimates, however, were based on earlier pictures of the Third Department, which said it has only 12 operational bureaus. It’s now known the Third Department has at least 20 operational bureaus.
The CCP’s cyberspies are also divided into three tiers, as was detailed in the 2013 edition of “The Science of Military Strategy,” published by a People’s Liberation Army research institute. The details were outlined in March by Joe McReynolds, research analyst at the Center for Intelligence Research and Analysis.
The first tier of the CCP’s cyberspies are military units “employed for carrying out network attack and defense,” McReynolds said. The second tier are specialists in civilian organizations—including with government offices—that are “authorized by the military to carry out network warfare operations.” The third are groups outside the government and military “that can be organized and mobilized for network warfare operations.”
The Chinese military also runs front companies to aid in these operations. The FBI’s former deputy director for counterintelligence said the Chinese regime operates more

The cybersecurity deal between the United States and China is a deal without trust. With the United States threatening sanctions and declaring that its patience for Chinese cyberattacks had reached an end, the leader of the Chinese Communist Party (CCP), Xi Jinping, agreed to end cyberattacks that have been stealing trillions in value annually from the U.S. economy.

The agreement is being viewed with a sort of pessimistic hope in the cybersecurity community.

“My opinion is, I’ll believe it when I see it,” said Darren Hayes, director of cybersecurity and an assistant professor at Pace University, in a phone interview.

While some experts believe the threat of sanctions against Chinese companies is too large for the CCP not to comply, the CCP has a track record of saying one thing and doing another.

“I know it’s a priority for the U.S. government, because they estimate that trillions of dollars have been stolen, but this agreement lacks credibility,” said Hayes.

Obama and Xi announced the agreement during a joint press conference on Sept. 25, and drew a distinction between spy operations meant for economic gain, and those meant solely for espionage.

They agreed, Obama said, that neither country will “conduct or knowingly support cyberenabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”

Obama said he told Xi “the question now is, are words followed by actions.”

Oversight for Cyberspies

The cyberagreement will establish a system for high-level dialogue between the United States and the CCP. On the U.S. side, this will include the U.S. secretary of homeland security and the U.S. attorney general.

The CCP will assign an official at the ministerial level. Other departments, including the FBI, the Department of Homeland Security, and Chinese offices with similar roles, will take part.

According to a White House fact sheet, this biannual dialogue will be used as a mechanism “to review the timeliness and quality of responses” if an incident takes place. In other words, if the United States detects a cyberattack being used to steal from a business, they will alert the CCP, and participants in the dialogue will review whether the CCP did anything about it.

Despite the oversight, on the surface the agreement appears to be toothless. Yet, deep down this may not be the case.

The context of the agreement is what’s important, according to Dmitri Alperovitch, co-founder and CTO of CrowdStrike, a cybersecurity technology company.

The CCP realized, he said in a phone interview, “if they didn’t concede on these points that sanctions would have been put on Chinese companies.”

While it doesn’t appear sanctions are mentioned directly in the agreement, the United States is reserving them as an option if the CCP’s use of cyberattacks for theft continues.

Obama hinted at this during the joint press conference with Xi. He said, “We will be watching carefully to make an assessment as to whether progress has been made in this area.”

If the CCP doesn’t comply, Obama said, sanctions and other retaliatory options are still on the table. He said, “I did indicate to President Xi that we will apply those and whatever other tools we have in our toolkit to go after cybercriminals, either retrospectively or prospectively.”

New Targets

One of the main problems the CCP faces is that its systems for economic theft are massive, and deeply entwined with its programs for economic growth.

Epoch Times recently exposed this system in an investigative report. The CCP’s economic theft is directed by legislation, and carried out by large-scale networks of military and private hackers. Stolen information is reverse engineered by a network of hundreds of “technology transfer centers” under government and academic offices. The system is also supported by more than 3,200 military front companies operating in the United States.

“We’re talking about tens of thousands of people involved in doing this for the Chinese government, and to say this is going to stop today or tomorrow is absurd,” said Hayes.

President Barack Obama (L) shakes hands with Chinese Communist Party leader Xi Jinping at the White House on Sept. 25. (JIM WATSON/AFP/Getty Images)

According to Alperovitch, however, the CCP may not need to dismantle this system. He believes the program could solve the problem of economic theft in the United States, but said Chinese hackers will still have plenty of targets to choose from.

Alperovitch said the CCP is unlikely to dismantle its network of military hackers. Instead, “They’re just going to give them new tasks.”

“It’s not going to cut down on all espionage,” he said, noting that we will likely see an increase in cyberattacks that fall under conventional espionage—and there will likely be an increase of Chinese cyberattacks against other countries.

The issue rests in two key elements of the agreement. First off, the agreement is currently only between the United States and China—and the CCP’s operations to steal intellectual property could simply turn their sights on businesses outside the United States.

Second, the agreement doesn’t cover cyberattacks that fall under the definition of old-fashioned espionage.

“The line is it has to be for commercial benefit,” Alperovitch said.

This means that cyberattacks stealing U.S. military blueprints, personal data on federal employees, and cyberattacks monitoring U.S. officials and other persons of interest will not only not end, but may even increase.

He said the United States has told the CCP, “We understand traditional intelligence gathering functions that all states, including us, engage in,” yet noted “that is fundamentally different from your government or its proxies engaging directly in industrial espionage and stealing trade secrets.”